CVE-2025-3556

Опубликовано: 14 апр. 2025

Источник: nvd

CVSS3: 3.7

CVSS3: 8.1

CVSS2: 2.6

EPSS Низкий

Описание

A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

https://vuldb.com/?ctiid.304597
Permissions Required
VDB Entry
https://vuldb.com/?id.304597
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.549187
Third Party Advisory
VDB Entry
https://www.websecurityinsights.my.id/2025/04/script-and-tools-ecommerce-30.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:scriptandtools:ecommerce-website-in-php:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.0034

Низкий

3.7 Low

CVSS3

8.1 High

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-307

Связанные уязвимости

GHSA-rpw6-c888-qg9m

CVSS3: 3.7

github

10 месяцев назад

A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

EPSS

Процентиль: 56%

0.0034

Низкий

3.7 Low

CVSS3

8.1 High

CVSS3

2.6 Low

CVSS2

Дефекты

CWE-307